A Defense Mechanism of Random Routing Mutation in SDN

Jiang LIU
Hongqi ZHANG
Zhencheng GUO

IEICE TRANSACTIONS on Information and Systems   Vol.E100-D    No.5    pp.1046-1054
Publication Date: 2017/05/01
Publicized: 2017/02/21
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016EDP7377
Type of Manuscript: PAPER
Category: Information Network
Keywords: random routing mutation, moving target defense, OpenFlow protocol, software-defined network

Focusing on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantage of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed from volume measurements and characteristic measurements of network traffic. Random routing mutation is triggered according to the result of network anomaly detection, which uses a wavelet transform and principal component analysis to process this entropy matrix for both spatial and temporal correlations. The generation of a random routing path is formulated as a 0-1 knapsack problem, which is solved using an improved ant colony algorithm. Theoretical analysis and simulation results show that the proposed method not only increases the difficulty of network reconnaissance and eavesdropping but also reduces the impact of DoS attacks on normal communication in an SDN network.